http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10590

Robin Sheat <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Needs Signoff               |Signed Off

--- Comment #6 from Robin Sheat <[email protected]> ---
(In reply to Fridolyn SOMERS from comment #5)
> (In reply to Robin Sheat from comment #2)
> I did not take the time to hack the system with that but nevertheless it is
> dangerous to keep it as it is.

It is.

> > I don't think your patch goes far enough though: the $limit should be
> > replaced by a '?' as well as being filtered
> You mean ending query with "limit ?" and using execute($limit) ?
> I thought it would not work because limit will be a string : "limit '10'".

It works fine, SQL doesn't really care about the difference between strings and
numbers when working with parameters.

I'm marking this signed off as it's /vital/ that one of these patches goes in,
it'd be best if they both did.
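
The two steps discussed in the comment above (filter the limit value, and pass it through a '?' placeholder instead of interpolating it), shown as an added example that is not part of the original message or of either Koha patch. The items table, the clean_limit and fetch_titles helpers, the cap of 100 and the default of 10 are assumptions, and an in-memory SQLite database stands in for Koha's database so the script runs offline.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI qw(:sql_types);

# Constructed in-memory table (assumption: stands in for the real one).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT)');
my $ins = $dbh->prepare('INSERT INTO items (title) VALUES (?)');
$ins->execute("title $_") for 1 .. 20;

# Hypothetical helper: accept only a plain positive integer and cap it.
# Returns undef for anything else so the caller can fall back to a default.
sub clean_limit {
    my ($raw, $max) = @_;
    return unless defined $raw && $raw =~ /\A[0-9]{1,6}\z/;
    my $n = $raw + 0;
    return if $n < 1;
    return $n > $max ? $max : $n;
}

# Hypothetical query wrapper: the limit never becomes part of the SQL text.
sub fetch_titles {
    my ($dbh, $raw_limit) = @_;
    my $limit = clean_limit($raw_limit, 100) // 10;    # default page size
    my $sth = $dbh->prepare('SELECT title FROM items ORDER BY id LIMIT ?');
    # Bind explicitly as an integer rather than relying on the driver's
    # handling of a string value.
    $sth->bind_param(1, $limit, SQL_INTEGER);
    $sth->execute;
    return [ map { $_->[0] } @{ $sth->fetchall_arrayref } ];
}

# Constructed inputs: one valid value, one over the cap, and three that
# the filter rejects (non-numeric text, a negative number, undef).
for my $input ('5', '500', '10 OR 1=1', '-1', undef) {
    my $rows  = fetch_titles($dbh, $input);
    my $label = defined $input ? "'$input'" : 'undef';
    printf "%-14s -> %d rows\n", $label, scalar @$rows;
}
```

Rejected inputs fall back to the default page size instead of raising an error; a caller that prefers to reject the request outright can test the return value of clean_limit directly.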
